All geek questions in one place

.net Core - HTTPS with AWS load balancer and elastic bean stack not working

I have a website that runs HTTPS correctly in my local environment. When I upload it to AWS, it just stops or redirects forever.

My installation in AWS is an Elastic Beanstalk application, an RDS database with MS SQL, I added a load balancer to forward HTTPS requests, and I have an SSL certificate correctly assigned to the load balancer. From all that I can say, my application works, in fact, the Entity Framework launched and correctly built my database in my RDS instance. I just can’t access the site via the Internet.

I tried to configure Listeners in many ways. If I install them like this, they simply redirect forever:Redirect forever

If I install them like this, then time will just come out: enter image description here

I have the code redirects HTTP / HTTPS port by default in my Startup.cs :

public void ConfigureServices(IServiceCollection services)
{
    // Sets all calls to require HTTPS: https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl
    services.Configure<MvcOptions>(options =>
    {
        options.Filters.Add(new RequireHttpsAttribute());
    });
    ...
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    // Force all HTTP requests to redirect to HTTPS: https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl
    var options = new RewriteOptions().AddRedirectToHttps();
    app.UseRewriter(options);

    ...

    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor |
                            ForwardedHeaders.XForwardedProto
    });
    ...
}

I spent days on it and cannot make it work. I tried to remove all my HTTPS code and it does not work. I have tried code solutions from blogs like this and this, and this also does not work. From what I read, the load balancer completes the processing of the HTTPS request and then redirects the HTTP request to my application. But I don’t know how to handle this properly, still apply HTTPS and redirect HTTP to HTTPS.

, -, . , , , . - ? .

, .

+10
5

, . -, HTTPS 443 HTTP 80 : enter image description here

, , ( AWS). services.Configure<MvcOptions>(options){} , , .

X-Forwarded-Proto. :

public static class RedirectToProxiedHttpsExtensions
{
    public static RewriteOptions AddRedirectToProxiedHttps(this RewriteOptions options)
    {
        options.Rules.Add(new RedirectToProxiedHttpsRule());
        return options;
    }
}

public class RedirectToProxiedHttpsRule : IRule
{
    public virtual void ApplyRule(RewriteContext context)
    {
        var request = context.HttpContext.Request;

        // #1) Did this request start off as HTTP?
        string reqProtocol;
        if (request.Headers.ContainsKey("X-Forwarded-Proto"))
        {
            reqProtocol = request.Headers["X-Forwarded-Proto"][0];
        }
        else
        {
            reqProtocol = (request.IsHttps ? "https" : "http");
        }


        // #2) If so, redirect to HTTPS equivalent
        if (reqProtocol != "https")
        {
            var newUrl = new StringBuilder()
                .Append("https://").Append(request.Host)
                .Append(request.PathBase).Append(request.Path)
                .Append(request.QueryString);

            context.HttpContext.Response.Redirect(newUrl.ToString(), true);
        }
    }
}

, Startup.cs:

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    ...
    var options = new RewriteOptions()
        .AddRedirectToProxiedHttps()
        .AddRedirect("(.*)/$", "$1");  // remove trailing slash
    app.UseRewriter(options);
    ... 
}

- !

+12

AWS docs X-Forwarded-Proto , http ( https > ).

RedirectToHttpsRule Microsoft.AspNetCore.Rewrite . IRule.

+3

app.UseForwardedHeaders(), , AWS Load Balancers, .

Remember to install the Microsoft.AspNetCore.HttpOverrides NuGet package first, otherwise it will fail.

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        ...
        app.UseForwardedHeaders(GetForwardedHeadersOptions());
        ...
    }

    private static ForwardedHeadersOptions GetForwardedHeadersOptions()
    {
        ForwardedHeadersOptions forwardedHeadersOptions = new ForwardedHeadersOptions()
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
        };

        forwardedHeadersOptions.KnownNetworks.Clear();
        forwardedHeadersOptions.KnownProxies.Clear();

        return forwardedHeadersOptions;
    }
0
source

You must accept XForwardedProto

In Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
  ...
    services.Configure<ForwardedHeadersOptions>(options =>
    {
        options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
    });
   ...  
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
 ...
 app.UseForwardedHeaders();
 ...
}
0
source

I ran into the same problem. I finally fixed it by modifying the web.config file.

Below exact code works for me. I follow this link . If the URL rewrite module is not installed, you will have to install it on your instance, otherwise only this modification of the web.config file will work.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>    
  <system.webServer>        
    <rewrite>            
      <rules>                
        <rule name="HTTPS rewrite behind AWS ELB rule" enabled="true" stopProcessing="true">
          <match url="^(.*)$" ignoreCase="false" />
          <conditions>
            <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />                    
          </conditions>                    
          <action type="Redirect" url="https://{SERVER_NAME}{URL}" redirectType="Found" />                
        </rule>            
      </rules>        
    </rewrite>    
  </system.webServer>
</configuration>
0
source

Source: https://habr.com/ru/post/1687345/

More articles:


All Articles